Getting Connected

• Getting Connected Services
• uNID and Password
• Password Synchronization
• Campus Information Services
• go.utah.edu
• Computer Labs
• Campus Modems
• Department DSL
• VPN Connections
• Campus Wireless Services
• Services Home
• UIT Home

 

 

go.utah.edu

Go.utah.edu is one of two systems using the Central Authentication Service (CAS) protocol to enable "single sign-on," a process that allows users to log in to multiple University resources at the same time.

Go.utah.edu was initially developed to support Campus Information Services (CIS), which houses student record and human resource information, and requires a very high level of security protection. Applications that use this authentication system are put through stringent quality assurance to verify that the code meets certain standards, and to enforce consistency in the user experience.

 

GO.UTAH.EDU TO REPLACE ULOGIN

To fully implement single sign-on at the University, and increase our overall application security, the old, ULogin system is being retired. Over the coming year, applications currently using ULogin will transition to go.utah.edu; all new applications developed during the transition period should use go.utah.edu for their authentication. After December 31, 2012, go.utah.edu will be the only authentication system used by University applications.

This migration is important for a number of reasons, including:

• The go.utah.edu system incorporates several security tools that ULogin does not offer, thus minimizing the possibility of security risks.
• While ULogin and go.utah.edu are both CAS authentication systems, they do not work together. Signing into an application using ULogin does not authenticate a user for an application using go.utah.edu, thus defeating the purpose of single sign-on.

 

FOR IT MANAGERS

Having two University login pages provides an inconsistent user experience, and defeats the purpose of single sign-on. In deciding which login service to maintain and which to retire, several factors were considered. The reasons for selecting go.utah.edu were compelling:

go.utah.edu	ULogin
Actively maintained; kept up-to-date with regular updates	Not well maintained; updates are out-of-date
Service Manager functionality restricts access to the U of U community, minimizes security risks	Open to the world; applications not developed by the U of U can use ULogin, which may present a security risk
Deployed on two, load-balanced, server instances; can handle higher peak loads	Deployed as a single instance; lacks high availability
Provides an audit database; login attempts (both successes and failures) can be tracked, and who logged into which applications can be monitored	No audit database provided
Maintains a list of contact information for each server allowed to use go.utah.edu	Contact information not maintained
Provides full development, testing, and production environments	Lacks full development, testing, and production environments
Supports and encourages a single sign-out policy for enhanced security	No single sign-out policy supported

 

Transitioning applications from ULogin to go.utah.edu is a simple process, and easily tested. University Developers or Systems Administrators should contact the Campus Help Desk at 801-581-4000, option 1, to transition their applications to the go.utah.edu authentication.

Please provide the following information:

• The IP address and domain for your application (Note: go.utah.edu only supports https:// addresses; http:// is not allowed.)
• Contact information for the server.

In addition, IT Managers may wish to review the Java CAS Developer Quick Start guide, "Single Sign Out" section for additional information. Please note that go.utah.edu supports all CAS clients (PHP, .NET, Apache, etc).

 

Frequently Asked Questions

• How long before I need to log in again to CIS?
• Will authenticating through go.utah.edu affect my user experience with applications previously accessed through ULogin?

How long before I need to log in again to CIS?
The CAS authentication service used by go.utah.edu is designed to accommodate a variety of applications, some of which have their own session expiration settings. For example:

• CIS will time out after 60 minutes of inactivity. If you reload the main CIS page by selecting your browser's "refresh" option, your session time will reset. If your CIS session has expired, you will be directed to click on a "Return to CIS" link, and log in again. If your CAS session has not expired, then clicking on this link will take you back into CIS without needing to sign in again.
• PeopleSoft (HE & FS) will retain the same time out window as it has always had.
• For applications without internal timeout settings, the CAS timeout settings apply:
• If your CAS session remains inactive for ten hours or longer, it will expire; however, if you do anything to indicate activity, such as reloading the page you are using, your session time will reset.
• Note that for security reasons, there is a hard timeout for CAS after twelve hours – any user logged into the system for twelve hours will be required to log in again.

Will authenticating through go.utah.edu affect my user experience with applications previously accessed through ULogin?
No. The only difference you will experience will be the change in the login screen, from the ULogin page to go.utah.edu. Once you are logged in to the system, the new authentication system will not affect your user experience.

 

For More

• ULogin
• Java CAS Developer Quick Start guide
• Central Authentication Server project

For questions or help, contact the Campus Help Desk at 801-581-4000, option 1.